For this year’s second annual Small Business Saturday, held on the Saturday after Thanksgiving to encourage shoppers to support small businesses, American Express Open is teaming up with Facebook to give five small companies a Facebook facelift and $20,000 to grow their businesses. READ MORE
Security was little more than an afterthought for the original designers of the Internet. Networks were either cordoned off, private and secure, or fully open to the public. But network security is a critical concern for businesses these days. IT managers and, in smaller businesses, the owners themselves must balance access and functionality against reliability and the need to safeguard data. Taking time to prioritize your network security needs and understanding best practices to ward off threats is essential. For most IT managers, the approach involves both technology and employees. The technology There are several smart steps IT managers can take, say experts. These will minimize your network risks: Configure your firewall or hire someone else to do so. Most small businesses run the firewall set just as it came from the factory, and most firewalls are set to let everything go out, says Luke Walling, founder of North Carolina-based Walling Data, an IT outsourcing, management and support firm. Make sure your firewall limits attempts to connect to suspect service ports. Also, says Walling, consider an additional stand-alone device, such as those manufactured by Cymphonix, to filter content and block attempts to bypass your firewall. Protect in depth. It’s not enough to protect at the network level. Make sure each workstation is also protected against spyware, malware and viruses. Understand your limitations. Frequently, small businesses don’t maintain security software, says Michael Davis, CEO of Savid Technologies, a security consulting company in suburban Chicago. “Pick a technology that is auto-updated or easily and inexpensively updated.” Run a separate network. Consider segregating sensitive data on a network that has no connections to the outside world. Use effective logging data. Log management doesn’t have to be a headache for small to medium businesses, says Davis. For instance, Splunk is a free open source management tool handling limited amounts of data each day. “It can help you when you have an actual incident,’’ Davis says. Manage portable devices. Lost laptops, USB drives, and other portable devices comprise one of the biggest security threats today. Using encryption for portable devices and even limiting USB capability on workstations can minimize threats. Some government agencies go so far as to place epoxy in the USB ports on computers. The human factor Black Monday, the Monday after Thanksgiving noted for an explosion in cyber sales, got its name for good reason. Before the widespread advent of fast, home Internet connections, employees returned to work and shopped at will on their workstation computers. Employees don’t often recognize boundaries and limitations when it comes to workplace computer use, says Walling. “The typical person walks into work and uses the computer just as they would at home,’’ Walling says. “The biggest single hindrance is any single business is the fact that people don’t understand what they’re doing could be a threat.” Managing the human factor takes a four-pronged approach, say experts. Define limitations. “The balance between functionality and security is constantly getting worse as the number of things people want to do with their computer increases,’’ says Paul Kocher, president of Cryptography Research, a San Francisco-based data security firm. “Are users allowed to be able to go to any website they want? Watch YouTube during the day? Should users have any access to the Internet during the day?” Define an acceptable use policy, a step most small businesses don’t take, says Walling. Educate employees. Firewalls work, says Davis. Most threats to your network security will come at your employees’ workstations, as they download that funny video or screensaver or click on that url in an email. Attacks are so slick these days that even sophisticated users can be easily fooled, points out Davis. He cites the example of a supposed draft of an earning announcement supposedly sent from the CEO of a large corporation to company executives. The e-mail included a Powerpoint presentation using the corporate template, but it was fictitious. When executives opened the attachment, the company network was compromised. Communicate regularly. Have a personable IT employee who regularly makes the rounds, talking with employees about issues that arise and noting their security practices, says Kocher. If your company isn’t big enough for a dedicated IT staff, make sure you’re modeling good security practices. Often, says Kocher, senior management personnel are the most difficult to convince when it comes to taking precautions. Executives want immediacy and convenience and may not think about the potential consequences. Test and review. Develop a survey about best security practices and have employees take the survey at least once a year, suggests Davis. Follow through on incorrect responses. The good news is attacks on small andmid-sized businesses are usually an afterthought. Directed attacks are usually aimed at bigger prey, such as large corporations. Your greatest vulnerability lies in your employees. “Most of the time, it’s literally an employee doing something they shouldn’t do,’’ says Davis.
Just the other day I was speaking to one of my clients, who has run a traditional brick-and-mortar operation for over 15 years. His small business is one that you would not expect to be cashing-in on e-commerce — although he certainly is — in that he sells industrial plumbing supplies. As we got to talking, we chatted about his marketing initiatives — specifically his Internet strategy — and I was pleasantly surprised to hear his e-commerce business was steadily becoming more than just “a website presence.” In fact, he was acquiring new clients, building new relationships, and selling direct to the point where his e-business was becoming a significant part of his whole business. Who knew selling toilet accessories to contractors online could be so successful? Actually, I did. You see, at first my client was skeptical of having a Web presence at all — and thought that e-commerce was a something that would not apply to his operation, especially since there was some investment required to get things rolling. It was only after some convincing that I was able to persuade him that his hard-earned dollars would be well spent on a solid e-commerce and Internet marketing strategy. Fast-forward one month later — his 600-plus product e-commerce site was launched and marketing commenced. At the end of the first week, I figured I’d touch-base with the client to see how things were going. “I’m getting several prospect phone calls and e-mails daily — and I’ve already received a few online orders he said. My initial feeling was one of relief — given I had the been the catalyst for having him make the investment — but when I thought about it for a second, it made perfect sense. After all, 2005 was a true milestone for e-commerce business. Total Internet spending for the year reached $143.2 billion — up 22% over the $117.2 billion spent online in 2004, according to comScore Networks. “Cyber Mondays,” the Monday following the Thanksgiving holiday, are quickly becoming a part of our American holiday shopping routine — similar to “Black Friday for traditional retailers. I suppose it’d be easy for me to simply say, “Your target market IS buying online.” But it’s even easier to cite the low operational costs, the ability to do business in an automated fashion 24/7, the exposure to a national, even an international, prospect-base and the fact that your competition is probably already doing business (or at least strategizing about it) online. Both consumers and businesses are embracing the power of the Web, finding what they need through search engines like Google and Yahoo!, and buying through Amazon, e-Bay and Buy.com. If you think that just because these are huge, well-known companies that your business can’t capitalize on the same strategies these businesses have, you need to think again. While no company, in my opinion, has it all figured out in terms of e-commerce (no, not even Google), the same basic principles apply no matter what size the business. However, to quote a particularly good NY Lotto ad slogan from the 80s, first “You gotta be in it to win it. Like anything else, procrastination and fear of the unknown often stops small-business owners from even getting started in uncharted territories like e-commerce and all things tech. Being February already, it’s a little late for New Year’s resolutions; however, I can’t help but create my short-list of to-dos for any small-business owner thinking of implementing an e-commerce strategy in 2006. Here they are: Do your homework (and I mean now) on your three closest competitors, and see what they’re doing online. Look back on 2005 and think of at least three things that completely bombed including how much time and money spent, and how those resources could have been spent in growing your online business. Again, looking back on 2005, think of at least three things that were complete successes (thereby bringing revenue or opportunity back to your organization) and think how sticking to this core-strategy for your online business could have made an even bigger impact. The Web is here to stay, and it offers your business a very effective way to find and keep customers. So even if you’re not sure of the opportunity, you have to take a shot, like my plumbing supplies client did. If you don’t, you could be letting future profits go down the drain.
